Trials@uspto.gov
`571-272-7822
`
`
`
`
`
`
`
`
`
`
`
`
`
` Paper No. 11
`Filed: April 3, 2018
`
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2017-02155
`Patent 8,677,494 B2
`____________
`
`
`Before ZHENYU YANG, CHARLES J. BOUDREAU, and
`SHEILA F. McSHANE, Administrative Patent Judges.
`
`BOUDREAU, Administrative Patent Judge.
`
`
`
`
`DECISION
`Denying Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`
`
`571-272-7822
`
`
`
`
`
`
`
`
`
`
`
`
`
` Paper No. 11
`Filed: April 3, 2018
`
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`CISCO SYSTEMS, INC.,
`Petitioner,
`
`v.
`
`FINJAN, INC.,
`Patent Owner.
`____________
`
`Case IPR2017-02155
`Patent 8,677,494 B2
`____________
`
`
`Before ZHENYU YANG, CHARLES J. BOUDREAU, and
`SHEILA F. McSHANE, Administrative Patent Judges.
`
`BOUDREAU, Administrative Patent Judge.
`
`
`
`
`DECISION
`Denying Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`
`I. INTRODUCTION
`Cisco Systems, Inc. (“Petitioner”) filed a Petition (Paper 1, “Pet.”)
`requesting inter partes review of claims 10, 11, and 14–16 of U.S. Patent
`No. 8,677,494 B2 (Ex. 1001, “the ’494 patent”). Pet. 1. Finjan, Inc.
`(“Patent Owner”) filed a Preliminary Response. Paper 6 (“Prelim. Resp.”).
`With authorization from the Board, Petitioner additionally filed a Reply to
`Patent Owner’s Preliminary Response (Paper 8, “Reply”), to address Patent
`Owner’s arguments concerning application of the Board’s decision in
`General Plastic Industrial Co. v. Canon Kabushiki Kaisha, Case
`IPR2016-01357 (PTAB Sept. 6, 2017) (Paper 19), which was designated as
`a precedential decision after the filing of the Petition; and Patent Owner filed
`a Corrected Sur-reply (Paper 10, “Sur-reply”).
`We review the Petition under 35 U.S.C. § 314, which provides that an
`inter partes review may not be instituted “unless . . . there is a reasonable
`likelihood that the petitioner would prevail with respect to at least 1 of the
`claims challenged in the petition.” 35 U.S.C. § 314(a). For the reasons that
`follow and on this record, we are not persuaded that Petitioner demonstrates
`a reasonable likelihood of prevailing in showing the unpatentability of any
`of the challenged claims on the asserted grounds. Accordingly, we deny
`Petitioner’s request to institute an inter partes review.
`
`A. Related Proceedings
`The parties report that the ’494 patent is the subject of several district
`court actions, including Finjan, Inc. v. Cisco Systems, Inc., 5:17-cv-00072
`(N.D. Cal. 2017). Pet. 4–5; Paper 4, 1.
`
` 2
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`
`Certain claims of the ’494 patent were challenged previously in
`petitions for inter partes review filed by Sophos, Inc. (Case
`IPR2015-01022), Symantec Corp. (Cases IPR2015-01892 and
`IPR2015-01897), Palo Alto Networks, Inc. (Case IPR2016-00159), and Blue
`Coat Systems, Inc. (Cases IPR2016-00890, IPR2016-01174, and
`IPR2016-01443). We denied the petitions in IPR2015-01022 on Sept. 24,
`2015, IPR2015-01897 on February 26, 2016, and IPR2016-01443 on
`January 23, 2017. We instituted a trial in IPR2015-01892, to which we later
`joined Blue Coat as a petitioner on a motion for joinder filed in
`IPR2016-00890, and we issued a final written decision on March 15, 2017.
`We also instituted a trial in IPR2016-00159, to which we also later joined
`Blue Coat as a petitioner on a motion for joinder filed in IPR2016-01174,
`and we issued a final written decision on April 11, 2017. Both final written
`decisions are currently on appeal to the U.S. Court of Appeals for the
`Federal Circuit, in Appeal Nos. 17-2034 and 17-2543, respectively.
`In addition to the instant Petition, Petitioner also has filed a petition
`seeking inter partes review of related U.S. Patent No. 6,154,844, which also
`is involved in the above-referenced Finjan, Inc. v. Cisco Systems, Inc.
`district court action. IPR2017-02154, Paper 1.
`
`B. The ’494 Patent
`The ’494 patent describes protection systems and methods “capable of
`protecting a personal computer (‘PC’) or other persistently or even
`intermittently network accessible devices or processes from harmful,
`
` 3
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`undesirable, suspicious or other ‘malicious’ operations that might otherwise
`be effectuated by remotely operable code.” Ex. 1001, 2:51–56. “[R]emotely
`operable code that is protectable against can include,” for example,
`“downloadable application programs, Trojan horses and program code
`groupings, as well as software ‘components’, such as Java™ applets,
`ActiveX™ controls, JavaScript™/Visual Basic scripts, add-ins, etc., among
`others.” Id. at 2:59–64.
`
`C. Illustrative Claim
`Of the challenged claims, only claim 10, reproduced below, is
`independent.
`10. A system for managing Downloadables, comprising:
`a receiver for receiving an incoming Downloadable;
`a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by
`the Downloadable; and
`a database manager coupled with said Downloadable scanner,
`for storing the Downloadable security profile data in a database.
`
`Ex. 1001, 22:7–16.
`
` 4
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`
`D. Asserted Grounds of Unpatentability
`Petitioner asserts the following grounds of unpatentability:
`
`Claims
`10, 11, 14–16
`
`10, 11, 14–16
`
`Basis
`§ 103
`
`References
`Shear1 and Kerchen2
`
`§ 103 Crawford 913 and the knowledge of
`a person of ordinary skill in the art
`
`
`Pet. 24. Petitioner also relies on a Declaration of Dr. Paul Clark, filed as
`Exhibit 1003.
`
`II. DISCUSSION
`A. Claim Construction
`Based on the ’494 patent’s claim of priority from U.S. Patent
`Application No. 08/790,097, filed January 29, 1997, the ’494 patent expired
`no later than January 29, 2017. See 35 U.S.C. § 154(a)(2). In an inter
`partes review, we construe claims of an expired patent according to the
`standard applied by the district courts. See In re Rambus Inc., 694 F.3d 42,
`46 (Fed. Cir. 2012). Specifically, we apply the principles set forth in
`Phillips v. AWH Corp., 415 F.3d 1303, 1312–17 (Fed. Cir. 2005) (en banc).
`
`
`1 US 6,157,721, issued Dec. 5, 2000 (filed Aug. 12, 1996) (Ex. 1004).
`2 Paul Kerchen et al., Static Analysis Virus Detection Tools for UNIX
`Systems, Proc. 13th Nat’l Computer Security Conf. 350 (1990) (Ex. 1019).
`3 R. Crawford et al., A Testbed for Malicious Code Detection: A Synthesis of
`Static and Dynamic Analysis Techniques, Proc. 14th Ann. Conf. Dep’t
`Energy Computer Security Group (1991) (Ex. 1011).
`
` 5
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`Under that standard, the words of a claim are generally given their “ordinary
`and customary meaning,” which is the meaning the term would have to a
`person of ordinary skill at the time of the invention, in the context of the
`entire patent including the specification. See Phillips, 415 F.3d at 1312–13.
`Only those terms in controversy need to be construed, and only to the extent
`necessary to resolve the controversy. See Vivid Techs., Inc. v. Am. Sci. &
`Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999).
`Petitioner contends that each of the claim terms in the challenged
`claims should be given its plain and ordinary meaning and that no specific
`construction of any term is required. Pet. 11. Petitioner nonetheless
`addresses the phrase “a list of suspicious computer operations,” as recited in
`independent claim 10, “in light of arguments that Patent Owner has made in
`previous proceedings.” Id. Patent Owner responds to Petitioner’s
`arguments concerning this phrase and additionally proposes that the term
`“database,” which also is recited in independent claim 10, should be
`construed. Prelim. Resp. 4–11.
`
`1. “a list of suspicious computer operations”
`Petitioner contends, in particular, that although neither the previous
`petitioners nor Patent Owner explicitly sought a construction of the phrase
`“a list of suspicious computer operations” in prior inter partes review
`proceedings, Patent Owner “implicitly sought a narrow claim construction in
`[IPR2015-01894] . . . by arguing that this element . . . excludes the
`identification of non-suspicious operations, code or functions in the DSP.”
`
` 6
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`Pet. 11. Petitioner points out that the Board determined in that earlier case
`that no terms required express construction and contends that, “[c]onsistent
`with [the IPR2015-01894] decision, there is no support for Patent Owner’s
`attempt to limit this claim term such that the DSP lists only suspicious
`operations.” Id. at 11–12 (citing IPR2015-01894, slip op. at 9 (PTAB
`Mar. 11, 2016) (Paper 7)). Petitioner further contends, “[t]he claims are
`written with the transitional phrase ‘comprising’ which is well recognized in
`patent practice to mean ‘including but not limited to,’ making improper the
`restrictive construction of ‘only.’” Id. at 12.
`Patent Owner responds that, under the Phillips standard, a “list of
`suspicious operations” means “a list of computer operations deemed
`suspicious.” Prelim. Resp. 5. Patent Owner recognizes, however, that the
`Board in the final written decisions in both IPR2015-01892 and
`IPR2016-00159 rejected that construction and determined that the correct
`construction of this phrase is “a list of all operations that could ever be
`deemed potentially hostile,” based on disclosure in the specification of the
`U.S. Patent No. 6,092,194, incorporated by reference in the ’494 patent, that
`“[t]he code scanner 325 may generate the DSP data 310 as a list of all
`operations in the Downloadable code which could ever be deemed
`potentially hostile and a list of all files to be accessed by the Downloadable
`code. . . .” Id. at 6–7 (quoting IPR2016-01892, slip op. at 11 (PTAB
`Mar. 15, 2017) (Paper 58) (quoting ’194 patent, 5:50–54)). Patent Owner
`asserts that the Board’s construction in those cases was erroneous, alleging,
`inter alia, that “every computer operation the Downloadable may attempt
`
` 7
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`would be on such a list” and that “the embodiments of the ’494 Patent
`describing deriving ‘a list of suspicious computer operations[’] by
`‘determin[ing] whether the resolved command is suspicious’ would not
`result in the claimed ‘list . . . .’” Id. at 7–10.
`We disagree with Patent Owner’s contentions that the Board’s
`construction in IPR2015-01892 and IPR2016-00159 was erroneous and that
`such construction would exclude a preferred embodiment of the ’494 patent.
`See id. Regardless, because our determination not to institute trial in this
`proceeding does not depend on the construction of “a list of suspicious
`operations,” we conclude that there is no need to construe that phrase for
`purposes of this Decision. See Vivid Techs., Inc., 200 F.3d at 803.
`
`2. “database”
`Patent Owner contends that the term “database” means “a collection
`of interrelated data organized according to a database schema to serve one or
`more applications.” Prelim. Resp. 11. Patent Owner argues that this
`construction has been applied by every panel of the Board that has
`considered this term with respect to the ’494 patent and related patents, as
`well as the district court in Finjan, Inc. v. Sophos, Inc., No. 14-cv-01197
`(N.D. Cal. 2014), and has been agreed to by “numerous [p]etitioners
`considering this term in the context of the ’494 Patent and patents related
`thereto.” Id. (citations omitted).
`On this record and for purposes of this Decision, we adopt Patent
`Owner’s proposed construction. As Patent Owner points out (id.), this
`
` 8
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`construction was applied by the Board in prior proceedings, and it also has
`been adopted by the U.S. District Court for the Northern District of
`California in litigation involving the ’494 patent. See, e.g., Finjan, Inc. v.
`Sophos, Inc., No. 14-cv-01197 (Dkt. No. 73 (Claim Construction Order), 3–
`7) (N.D. Cal. Mar. 2, 2015) (Ex. 2001, 3–7); Symantec Corp. v. Finjan, Inc.,
`Case IPR2015-01892, slip op. at 16 (PTAB March 15, 2017) (Paper 58)
`(Ex. 2007); Palo Alto Networks, Inc. v. Finjan, Inc., Case IPR2016-00159,
`slip op. at 12 (PTAB Apr. 11, 2017) (Paper 50) (Ex. 2008); Sophos, Inc. v.
`Finjan, Inc., Case IPR2015-01022, slip op. at 9–10 (PTAB Jan. 28, 2016)
`(Paper 9) (Ex. 2009); Sophos, Inc. v. Finjan, Inc., Case IPR2015-00907, slip
`op. at 8–10 (PTAB Sept. 24, 2015) (Paper 8). We discern no reason to
`deviate from those previous determinations here.
`
`B. Discussion of Asserted Grounds
`3. Principles of Law
`A patent claim is unpatentable under 35 U.S.C. § 103(a) if the
`differences between the claimed subject matter and the prior art are “such
`that the subject matter as a whole would have been obvious at the time the
`invention was made to a person having ordinary skill in the art to which said
`subject matter pertains.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406
`(2007). The question of obviousness is resolved on the basis of underlying
`factual determinations, including (1) the scope and content of the prior art;
`(2) any differences between the claimed subject matter and the prior art;
`
` 9
`
`
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`(3) the level of skill in the art;4 and (4) objective evidence of
`nonobviousness, i.e., secondary considerations.5 Graham v. John Deere
`Co., 383 U.S. 1, 17–18 (1966). “To satisfy its burden of proving
`obviousness, a petitioner cannot employ mere conclusory statements. The
`petitioner must instead articulate specific reasoning, based on evidence of
`record, to support the legal conclusion of obviousness.” In re Magnum Oil
`Tools Int’l, Ltd., 829 F.3d 1364, 1380 (Fed. Cir. 2016). We analyze the
`asserted grounds with the principles stated above in mind.
`
`4. Obviousness over Shear and Kerchen
`a. Overview of Shear
`Shear, titled “Systems and Methods Using Cryptography to Protect
`Secure Computing Environments,” is directed to protection of “[s]ecure
`computation environments” from “bogus or rogue load modules, executables
`and other data elements through use of digital signatures, seals and
`certificates issued by a verifying authority.” Ex. 1004, [54], [57]. Shear
`describes various harmful computer programs and other computer security
`risks, including “Trojan horses” such as computer viruses, and discloses that
`
`
`4 Relying on the testimony of Dr. Clark, Petitioner proposes a definition of a
`person of ordinary skill in the art of the ’494 patent in the November 1996
`timeframe. Pet. 12–13 (citing Ex. 1003 ¶ 22). Patent Owner does not
`challenge this definition. For purposes of this Decision and to the extent
`necessary, we adopt Petitioner’s definition.
`5 Patent Owner does not contend in its Preliminary Response that any such
`secondary considerations are present.
`
`
`10
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`“[c]omputer security risks of all sorts—including the risks from computer
`viruses—have increased dramatically as computers have become
`increasingly connected to one another over the Internet and by other means.”
`Id. at 1:56–2:14. Shear further discloses that “[c]omputer viruses are by no
`means the only computer security risk made even more significant by
`increased computer connectivity,” pointing out that the “download and
`execute” capability of the Java computer language, which “allow[s]
`computers to interactively and dynamically download computer program
`code fragments (called ‘applets’) over an electronic network such as the
`internet, and execute the downloaded code fragments locally,” not only “has
`great potential,” but also “raises significant computer security concerns.” Id.
`at 2:27–46.
`In view of such risks, Shear purports to provide “improved techniques
`for protecting secure computation and/or execution spaces . . . from
`unauthorized (and potentially harmful) load modules or other ‘executables’
`or associated data.” Id. at 4:51–56. According to Shear, “[i]n accordance
`with one aspect provided by the present invention, one or more trusted
`verifying authorities validate load modules or other executables by analyzing
`and/or testing them.” Id. at 4:61–64. A verifying authority then “digitally
`‘signs’ and ‘certifies’ those load modules or other executables it has
`verified.” Id. at 4:64–66. Shear explains that protected processing
`environments and other protected execution spaces “can be programmed or
`otherwise conditioned to accept only those load modules or other
`executables bearing a digital signature/certificate of an accredited (or
`
`11
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`particular) verifying authority”; that “[t]amper resistant barriers may be used
`to protect this programming or other conditioning”; and that “[a] web of
`trust may stand behind a verifying authority” and “prevent[] value chain
`participants from conspiring to defraud other value chain participants.” Id.
`at 5:1–25.
`“In accordance with another aspect,” Shear discloses, “each load
`module or other executable has specifications associated with it describing
`the executable, its operations, content, and functions.” Id. at 5:26–29.
`According to Shear,
`A verifying authority analyzes, validates, verifies,
`inspects, and/or tests the load module or other executable, and
`compares its results with the specifications associated with the
`load module or other executable. A verifying authority may
`digitally sign or certify only those load modules or other
`executables having proper specifications and may include the
`specifications as part of the material being signed or certified.
`A verifying authority may instead, or in addition,
`selectively be given the responsibility for analyzing the load
`module and generating a specification for it. Such a specification
`could be reviewed by the load module’s originator and/or any
`potential users of the load module.
`A verifying authority may selectively be given the
`authority to generate an additional specification for the load
`module, for example by translating a formal mathematical
`specification to other kinds of specifications. . . .
`Additionally, a verifying authority may selectively be
`empowered to modify the specifications to make it accurate—
`but may refuse to sign or certify load modules or other
`executables that are harmful or dangerous irrespective of the
`accuracy of their associated specifications. The specifications
`
`
`12
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`
`may in some instances be viewable by ultimate users or other
`value chain participants . . . .
`In accordance with another aspect provided by the present
`invention, an execution environment protects
`itself by
`deciding—based on digital signatures, for example—which load
`modules or other executables it is willing to execute. A digital
`signature allows the execution environment to test both the
`authenticity and the integrity of the load module or other
`executables, as well permitting a user of such executables to
`determine their correctness with respect to their associated
`specifications or other description of their behavior, if such
`descriptions are included in the verification process.
`Id. at 5:40–6:15.
`
`b. Overview of Kerchen
`Kerchen is an article directed to the analysis of computer programs to
`identify suspicious code before the code is installed on a user’s computer.
`Ex. 1019, 350. Kerchen discloses two “heuristic tools” for detecting
`computer viruses, referred to as a “detector” tool and a “filter” tool. Id.
`at 350–63.
`The detector tool examines a computer program to determine if it
`contains any duplicate calls to operating system services. Id. at 351.
`According to Kerchen, “duplicated calls might be . . . indicative of a virus
`that has linked itself to the program.” Id. Kerchen discloses that the
`detector tool first disassembles the computer program being examined and
`then finds all instances of code that perform some operating system service.
`Id. If two different pieces of code are found to include the same service
`calls, this condition is flagged. Id. at 351–52.
`
`13
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`
`The filter tool is designed to analyze an executable computer program
`to identify “the files that the program could write to.” Id. at 354. Using this
`methodology, the filter first identifies “all open calls in the program” and
`then “enumerate[s] the possible filename arguments to these calls.” Id.
`at 354–55. “Upon being presented with the names of files that the program
`could write, the user could determine if the program is suspicious.” Id.
`at 355. In summary, according to Kerchen, the “filter tries to determine the
`names of all files which might be modified by the program,” and “[b]y
`comparing the enumeration of names and the specified restriction, the virus
`filter can claim the program is safe or is suspicious.” Id. at 356.
`
`c. Analysis
`Petitioner contends that Shear discloses the preamble and the
`“receiver for receiving an incoming Downloadable” recited in independent
`claim 10. Pet. 37–39 (citing Ex. 1003 ¶¶ 100–103). In particular, Petitioner
`maps Shear’s verifying authority to the recited “receiver” and Shear’s load
`module to the recited “incoming Downloadable.” Id. at 38 (citing Ex. 1004,
`9:45–48, Fig. 2; Ex. 1003 ¶ 101).
`Petitioner relies on Shear in combination with Kerchen as disclosing
`“a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable,” as recited in claim 10. Id. at 39–43
`(citing Ex. 1003 ¶¶ 105–110). Petitioner contends, in particular, that Shear’s
`“specification ‘describing the executable, its operations, content, and
`functions’” corresponds to the recited “security profile data,” and that Shear
`
`
`14
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`discloses that its verification authority—corresponding to the recited
`receiver—“can generate, add to, or modify these specifications.” Id. at 39–
`40 (citing Ex. 1004, 5:26–29, 5:48–50, 5:53–55, 5:61–63; Ex. 1003 ¶ 105).
`Petitioner further contends that “[t]o ensure ‘the specifications are both
`accurate and complete,’ Shear discloses that the verifying authority
`(receiver) uses software tools in order to determine whether the load
`executable is a virus or includes detectable bugs or other harmful
`functionality (suspicious operations).” Id. at 40–41 (citing Ex. 1003 ¶ 106;
`Ex. 1004, 10:12–22). According to Petitioner, “Shear describes that the
`verifying authority uses known tools to inspect the code and known
`techniques to test the load module in the preparation/verification of the
`specification” and a person of ordinary skill in the art (“POSA”) “would
`understand that Shear’s reference to the use of known tools would include a
`conventional scanner.” Id. at 41 (citing Ex. 1004, 10:12–31; Ex. 1003
`¶ 107).
`Further, Petitioner contends, “[t]o the extent Patent Owner argues that
`Shear does not sufficiently disclose a scanner to a POSA, Kerchen discloses
`that the detector tool scans a computer program (a Downloadable scanner)
`to determine if it contains any duplicate instances of operating system
`service calls (such as file operations like read and write), which would be
`flagged as suspicious code,” and “[i]t would have been obvious to combine
`the detector . . . of Kerchen with Shear.” Id. at 42 (citing Ex. 1019, 351;
`Ex. 1003 ¶ 108). More particularly, “[i]t would be obvious to a POSA to
`combine the detector disclosed in Kerchen with the verifying authority in
`
`15
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`Shear that receives the executable in order to use a conventional technique
`for examining code to identify suspicious code,” “consistent with the mere
`reference to ‘conventional’ scanning techniques in the ’494 Patent . . . .” Id.
`at 43 (citing Ex. 1003 ¶ 109).
`Regarding the requirement in claim 10 that the security profile data
`“includ[es] a list of suspicious computer operations that may be attempted
`by the Downloadable,” Petitioner contends that “[a] POSA would have
`understood that both the code and the operations contained or performed in
`the executable are analyzed in Shear and would be identified in Shear’s
`specification, including well-known operations such as ‘read’, ‘write’,
`‘rename’, ‘delete’, ‘open’ etc.,” and that “[a] POSA also would have
`understood that these operations . . . may be considered to have harmful
`functionality and would be identified as suspicious so that appropriate action
`can be taken.” Id. at 43–44 (citing Ex. 1003 ¶ 111). Further, “[t]o the extent
`that the Patent Owner argues that Shear does not sufficiently identify the
`operations that would be considered suspicious, Kerchen identifies how and
`why to analyze code to identify suspicious operations (as an example of ‘one
`or more computer-based software testing techniques and/or tools’ to be used
`with Shear).” Id. at 44 (citing Ex. 1004, 10:18–19; Ex. 1003 ¶ 113).
`Finally, regarding the recited “database manager coupled with said
`Downloadable scanner, for storing the Downloadable security profile data in
`a database,” Petitioner contends that “Shear discloses the specification 110
`includes data in a number of fields of information preferably in a data file,”
`and “[i]n view of a POSA, it is implicit in the Shear patent that the data file
`
`16
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`representing the specification 110 is stored in a ‘database.’” Id. at 45–46
`(citing Ex. 1003 ¶¶ 114, 116). According to Petitioner, Figure 4 of Shear
`illustrates that “the name of the load module, the author, and the functions
`are all included [in] the specification 110 in an organized structure,” and “[a]
`POSA would have understood the corresponding data file described by
`Shear would also be so structured.” Id. at 46. Further, Petitioner contends,
`“Shear incorporates by reference the entirety of Ginter et al,6 which
`explicitly discloses the use of a ‘database’ to store structured data.” Id.
`(citing Ex. 1:8–15; Ex. 1005, 12:21–13:10; Ex. 1003 ¶ 116). Through
`Ginter, Petitioner contends, “Shear . . . discloses that a ‘database
`manager 730 may then be used to organize, store, and retrieve the records,”
`and “the ‘database manager 730 may maintain the secure database 610.” Id.
`(citing Ex. 1005, 15:1–2, 11:14–18; Ex. 1003 ¶ 117). Moreover, “to the
`extent that Patent Owner argues that Shear does not sufficiently disclose that
`the specification is stored in a database, it would have been obvious to a
`POSA to modify Shear to store the generated specification in a database,
`consistent with the ’494 Patent specification’s admission that a database was
`a well-known, interchangeable store structure,” “(1) in order to preserve the
`structure nature of the data . . . [and] (2) [because] the use of databases was
`commonly used in virus detection technologies to store structured
`information derived from an analysis of the executable code as described in
`Kerchen.” Id. at 47–48 (citing Ex. 1003 ¶¶ 120–121). Petitioner concludes,
`
`6 U.S. Patent Application No. 08/388,107, filed Feb. 13, 1995 (Ex. 1005).
`
`17
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`“because Kerchen discloses that the output of its detector tool would be
`stored in a database, the combination of the teachings of Shear with the
`teachings of Kerchen discussed above . . . also results in satisfying the
`‘storing the Downloadable security profile data in a database’ limitation.”
`Id. at 48 (citing Ex. 1003 ¶ 121).
`Patent Owner responds that Shear in view of Kerchen fails to disclose
`either the recited “Downloadable scanner . . . for deriving Downloadable
`security profile data, . . . including a list of suspicious computer operations”
`or the recited “database manager . . . for storing Downloadable security
`profile data in a database.” Prelim. Resp. 30–44.
`First, according to Patent Owner, Petitioner’s argument that “Shear
`describes that the verifying authority uses known tools to inspect the code
`and known techniques to test the load module in the preparation/verification
`of the specification” is “based on an inaccurate reading of Shear because
`Petitioner conflates what is provided in the specification and what Shear’s
`‘verifying authority’ does with the specification and Downloadable after the
`specification is already generated.” Id. at 30 (quoting Pet. 41). Patent
`Owner contends that the portion of Shear quoted by Petitioner in support of
`its argument demonstrates that Shear’s “‘analyzing tool(s)’ are not used ‘in
`the preparation’ of the specification that Petitioner equates with the DSP, but
`rather to verify that a load module ‘performs as specified by its associated
`specifications.’” Id. at 31 (quoting Ex. 1003, 10:12–22). Thus, Patent
`Owner contends, “whether generated by the developer or at the verifying
`authority, there is no indication . . . Shear teaches a Downloadable scanner
`
`18
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`for deriving DSP data, including a list of suspicious computer operations
`that may be attempted by the Downloadable.” Id.
`Second, Patent Owner contends “Petitioner does not attempt to
`construe what the term Downloadable scanner encompasses or point to any
`disclosure in Shear that meets such a construction.” Id. Whereas “Petitioner
`conclusorily states a ‘POSA would understand that Shear’s reference to the
`use of known tools would include a conventional scanner,” Patent Owner
`argues, Petitioner does not “explain how these alleged ‘known tools’ used to
`verify the load module qualify as a ‘Downloadable scanner.’” Id. (quoting
`Pet. 41). Further, notwithstanding Petitioner’s assertion that “[t]he
`’494 patent acknowledges that scanners and the tools for deriving the data
`for the security profile were known in the art” (Pet. 41), Patent Owner
`contends that “[t]he ’494 Patent discloses that ‘code scanner 325 uses
`conventional parsing techniques to decompose the code,’ not that such a
`scanner or such techniques were known to be used in order to derive
`Downloadable security profile data for a Downloadable, let alone DSP data
`that includes a list of suspicious computer operations” (Prelim. Resp. 31–
`32).
`Third, Patent Owner contends, Shear does not state that its
`“specification” includes a list of suspicious computer operations that may be
`attempted by a Downloadable, but Shear’s specification instead “simply
`‘describ[es] the executable, its operations, content, and functions.’” Id. at 32
`(quoting Ex. 1004, 5:26–29). In response to Petitioner’s assertion that “[a]
`POSA would have understood that both the code and the operations
`
`19
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`contained or performed in the executable are analyzed in Shear and would
`be identified in Shear’s specification, including well-known operations such
`as ‘read,’ ‘write,’ ‘rename,’ ‘delete,’ ‘open,’ etc. (a list of suspicious
`computer operations that may be attempted by the Downloadable)”
`(Pet. 43), Patent Owner argues that Petitioner cites no evidence to support
`this assertion other than the declaration of Dr. Clark, which “merely repeats
`the same argument and is likewise devoid of citation to any evidence to
`support this point.” Prelim. Resp. 33–34 (citing Ex. 1003 ¶ 111). Further,
`Patent Owner contends, “[n]ot only does Shear not disclose that those
`operations [are] identified in its specification,” but “the inclusion of those
`operations in the specification [would] not mean that Shear’s specification
`includes a list of suspicious computer operations that may be attempted by
`the Downloadable.” Id. at 34.
`According to Patent Owner, “Kerchen also fails to cure the
`deficiencies of Shear at least because it also does not teach or suggest [a]
`downloadable scanner for deriving DSP data, including a list of suspicious
`computer operations that may be attempted by a Downloadable.” Id. While
`acknowledging that Kerchen states that its “approach involves the analysis
`of a program prior to installation, the analysis attempting to identify
`suspicious code,” Patent Owner argues that “the question to be resolved is
`not whether it was known in the prior art to identify suspicious code,” but
`instead “whether it was known to use a scanner to derive DSP data that
`includes a list of suspicious computer operations that may be attempted by a
`Downloadable and a database manager for storing the DSP data in a
`
`20
`
`
`
`
`
`
`IPR2017-02155
`Patent 8,677,494 B2
`
`database.” Id. at 35 (quoting Ex. 1019, 351). According to Patent Owner,
`Kerchen does not do so, b
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
